package org.springframework.security.oauth2.server.authorization.oidc.web.authentication;

import jakarta.servlet.http.HttpServletRequest;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.http.server.ServletServerHttpRequest;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.server.authorization.oidc.OidcClientRegistration;
import org.springframework.security.oauth2.server.authorization.oidc.authentication.OidcClientRegistrationAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.oidc.http.converter.OidcClientRegistrationHttpMessageConverter;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.util.StringUtils;
import org.springframework.web.servlet.support.WebContentGenerator;

/* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-authorization-server-1.0.2.jar:org/springframework/security/oauth2/server/authorization/oidc/web/authentication/OidcClientRegistrationAuthenticationConverter.class */
public final class OidcClientRegistrationAuthenticationConverter implements AuthenticationConverter {
    private final HttpMessageConverter<OidcClientRegistration> clientRegistrationHttpMessageConverter = new OidcClientRegistrationHttpMessageConverter();

    @Override // org.springframework.security.web.authentication.AuthenticationConverter
    public Authentication convert(HttpServletRequest httpServletRequest) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (WebContentGenerator.METHOD_POST.equals(httpServletRequest.getMethod())) {
            try {
                return new OidcClientRegistrationAuthenticationToken(authentication, this.clientRegistrationHttpMessageConverter.read2(OidcClientRegistration.class, new ServletServerHttpRequest(httpServletRequest)));
            } catch (Exception e) {
                throw new OAuth2AuthenticationException(new OAuth2Error("invalid_request", "OpenID Client Registration Error: " + e.getMessage(), "https://openid.net/specs/openid-connect-registration-1_0.html#RegistrationError"), e);
            }
        }
        String parameter = httpServletRequest.getParameter("client_id");
        if (StringUtils.hasText(parameter) && httpServletRequest.getParameterValues("client_id").length == 1) {
            return new OidcClientRegistrationAuthenticationToken(authentication, parameter);
        }
        throw new OAuth2AuthenticationException("invalid_request");
    }
}
